chore(deps): remove useless @ethereumjs/common direct dependency

[dependabot]

Remove useless @ethereumjs/common direct dependency

Important

After bumping version, it appeared that ethereumjs/common was not required anymore in the app as a direct dep.
This allowed removing @ethereumjs/common and bump other indirect dependencies that were locked by this direct ethereumjs/common dependency version.
ethereumjs/common is still used but in other modules with other versions.

This PR:

• removes @ethereumjs/common dependency (usage and package import)
• updates indirect dependencies not locked anymore
• fixes export and imports of buildUnserializedTransaction function
• dedup updated yarn lock

Initial dependabot description

Bumps @ethereumjs/common from 2.6.5 to 4.3.0.

Release notes

Sourced from @​ethereumjs/common's releases.

@​ethereumjs/common v4.3.0

Full 4844 Browser Readiness

WASM KZG

Shortly following the "Dencun Hardfork Support" release round from last month, this is now the first round of releases where the EthereumJS libraries are now fully browser compatible regarding the new 4844 functionality, see PRs #3294 and #3296! 🎉

Our WASM wizard @​acolytec3 has spent the last two weeks and created a WASM build of the c-kzg library which we have released under the kzg-wasm name on npm (and you can also use independently for other projects). See the newly created GitHub repository for some library-specific documentation.

This WASM KZG library can now be used for KZG initialization (replacing the old recommended c-kzg initialization), see the respective README section from the tx library for usage instructions (which is also accurate for the other using upstream libraries like block or EVM).

Note that kzg-wasm needs to be added manually to your own dependencies and the KZG initialization code needs to be adopted like the following (which you will likely want to do in most cases, so if you deal with post Dencun EVM bytecode and/or 4844 blob txs in any way):

import { loadKZG } from 'kzg-wasm'
import { Chain, Common, Hardfork } from '@ethereumjs/common'
const kzg = await loadKZG()
// Instantiate common
const common = new Common({
chain: Chain.Mainnet,
hardfork: Hardfork.Cancun,
customCrypto: { kzg },
})

Manual addition is necessary because we did not want to bundle our libraries with WASM code by default, since some projects are then prevented from using our libraries.

Note that passing in the KZG setup file is not necessary anymore, since this is now defaulting to the setup file from the official KZG ceremony (which is now bundled with the KZG library).

Trie Node.js Import Bug

Since this fits well also to be placed here relatively prominently for awareness: we had a relatively nasty bug in the @ethereumjs/trie library with a Node.js web stream import also affecting browser compatibility, see PR #3280. This bug has been fixed along with these releases and this library now references the updated trie library version.

Other Changes

• TypeScript type fixes leading to build problems with certain tools (Vercel), PR #3306
• Early support for EIP-2935 - "Save historical block hashes in state" (Verkle related, likely subject to change), PRs #3268 and #3327

@​ethereumjs/common v4.2.0

Dencun Hardfork Support

While all EIPs contained in the upcoming Dencun hardfork run pretty much stable within the EthereumJS libraries for quite some time, this is the first release round which puts all this in the official space and removes "experimental" labeling preparing for an imminent Dencun launch on the last testnets (Holesky) and mainnet activation! 🎉

Dencun hardfork on the execution side is called Cancun and can be activated within the EthereumJS libraries (default hardfork still Shanghai) with a following common instance:

</tr></table> 

... (truncated)

Commits

• 48e6a30 4844 Browser Readiness Releases (#3297)
• a413006 Update EIP-2935 to latest draft spec (#3327)
• e38a521 Fix RPCStateManager Inconsistincy (#3323)
• a70312d Integrate Simplified kzg-wasm Version / Deprecate Util.initKZG() (#3321)
• 906b362 export getOpcodesForHF (#3322)
• 6766a5d EVM/VM create() Static Constructor Reworking (#3315)
• 20d088e Fix node versions (#3286)
• 891ee51 Trie: add partialPath parameter to trie.findPath() (#3305)
• 435606e Common Type Fixes (#3307)
• 5e3cfdd Update rustbn-wasm usage (#3304)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@scure/base@1.1.6	None	0	80.4 kB	paulmillr

🚮 Removed packages: npm/@noble/curves@1.1.0, npm/@scure/base@1.1.3

View full report↗︎

[socket-security]

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report↗︎

[NicolasMassart]

@dependabot rebase

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[github-actions]

Bitrise

❌❌❌ pr_smoke_e2e_pipeline failed on Bitrise! ❌❌❌

Commit hash: 26f057b
Build link: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/62ff687b-61de-439e-b70b-2207ccdacb6b

Note

• You can kick off another pr_smoke_e2e_pipeline on Bitrise by removing and re-applying the Run Smoke E2E label on the pull request

[NicolasMassart]

@SocketSecurity ignore npm/@ethereumjs/util@9.0.3

[github-actions]

Bitrise

✅✅✅ pr_smoke_e2e_pipeline passed on Bitrise! ✅✅✅

Commit hash: 7384b58
Build link: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/cfce01d9-1dcb-4478-b62b-31d9048d8fef

Note

• You can kick off another pr_smoke_e2e_pipeline on Bitrise by removing and re-applying the Run Smoke E2E label on the pull request

[NicolasMassart]

After bumping version, it appeared that ethereumjs/common was not required anymore in the app as a direct dep.
It allowed removing it and bump other indirect dependencies that were locked by this direct ethereumjs/common dependency version.
ethereumjs/common is still used but in other modules with other versions.
Adding this in PR description.

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud